3 quick wins in identity management

In order to get projects approved during this economic downturn, many IT directors have to demonstrate an almost immediate return on investment. I have heard of projects not getting approval unless ROI can be demonstrated in six months or less.

The good news is that there are some pockets of low hanging fruit in identity management that have a very immediate ROI. But keep in mind the old wisdom of “think big — start small — grow big”. Ideally your quick wins should lead to a broader, transformative strategy to deliver more value.


Consolidation is always a good start. This can save money in staff time, server resources, licensing and support costs. For ROI calculations, the licensing and support costs will usually not translate into savings until a later date, but savings in staff time and server resources are usually immediate. Consolidation projects are also a vital step to get your house in order for a broader strategy to improve efficiency.

More from IT World Canada – Ease your identity management issues

This is a good time to review the number of identity data silos in your enterprise and think about consolidating some. One way to do this is with virtual directories.

Often applications are installed with their own directory server. Identity data is then duplicated through provisioning systems or synchronization mechanisms. Virtual directories can help eliminate some of those extra directory servers by allowing multiple applications to have multiple “views” of the data while connecting to the same physical data source.

The Evergreen: Login and password simplification

Most users have a problem with passwords. Not only do they tend to forget them and then need to be helped by service desks to reset passwords, but it becomes exponentially worse when users have multiple different passwords that need to be remembered and changed at different intervals. It should come as no surprise that projects that simplify the password mess are highly visible.

The ROI is also well documented. However, comprehensive single sign-on is complex, lengthy and expensive to implement.

When password simplification is done in smaller steps, however, the value can be immediate. Because this has high visibility from the standpoint of the users, the perceived value is usually significant. Focus on eliminating either additional passwords or sign-ons. For example, if two systems are using different passwords, you can think about a password synchronization between the two. If you already have a single sign-on system, there might be the possibility to add applications.

Role management

Roles and groups are used to give access to resources and allow users to do things. As more applications are deployed, the number of roles increases.

Roles are often created for one purpose and then reused for another purpose by a different department or application — and that can create unwanted entitlements. Sometimes roles are forgotten and never reaped. After some time, it becomes difficult to tell who actually has access to what, and who authorized the access.

This can be a big problem. For those organizations that are regulated — for example, by the Sarbanes Oxley Act or Basel 2 — lengthy reports must be provided to auditors that contain information about access to high-risk and high-impact applications.

Role management projects can address these shortcomings and enforce proper controls, set up workflows for entitlements and attestation of access. For these projects, ROI can be quick to materialize and implementation time can be fairly short when priorities are set to focus on the most critical applications first. Once the initial quick wins are demonstrated, systems and applications can be added subsequently to the role management system.

Final words

As usual, those who take a good long-term view are usually rewarded most in the long run. But when strategic initiatives are out, and the thinking is tactical, the above mentioned areas have shown the potential for quick wins. These wins have additional benefits because they can be expanded to lead to even more savings later on.

These are tough times for everybody, but that cannot be an excuse to do nothing — those who are smart and creative will be able to push ahead in front of others. Hopefully these ideas will help you delivering value in these tough times.

Felix Gaehtgens is a senior analyst at Kuppinger Cole, a research and advisory firm focused on identity management and cloud computing. Previously, he co-founded and worked for Symlabs, a company specializing on virtual directories and federation.

Related Download
Virtualization: For Victory Over IT Complexity Sponsor: HPE
Virtualization: For Victory Over IT Complexity
Download this white paper to learn how to effectively deploy virtualization and create your own high-performance infrastructures
Register Now